]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 773f4c5)
Re-fixed bug #60825 (Segfault when running symfony 2 tests)
authorXinchen Hui <laruence@php.net>
Tue, 24 Jan 2012 14:39:45 +0000 (14:39 +0000)
committerXinchen Hui <laruence@php.net>
Tue, 24 Jan 2012 14:39:45 +0000 (14:39 +0000)
NEWS patch | blob | history
Zend/tests/bug60825.phpt [new file with mode: 0644] patch | blob
Zend/zend_vm_def.h patch | blob | history
Zend/zend_vm_execute.h patch | blob | history

diff --git a/NEWS b/NEWS
index 66ff0cc00a83098638ac863535be8a0fac410dab..773f84b5e2f4e4055f6550bd8509af9d83747efa 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,8 @@ PHP                                                                        NEWS
 - Core:
  . Fixed bug #60227 (header() cannot detect the multi-line header with CR).
    (rui)
+ . Fixed bug #60825 (Segfault when running symfony 2 tests).
+   (Dmitry, Laruence)
 
 - Firebird Database extension (ibase):
  . Fixed bug #60802 (ibase_trans() gives segfault when passing params).
diff --git a/Zend/tests/bug60825.phpt b/Zend/tests/bug60825.phpt
new file mode 100644 (file)
index 0000000..0aeb8f7
--- /dev/null
+++ b/Zend/tests/bug60825.phpt
@@ -0,0 +1,19 @@
+--TEST--
+Bug #60825 (Segfault when running symfony 2 tests)
+--DESCRIPTION--
+run this with valgrind
+--FILE--
+<?php
+class test {
+       public static $x;
+       public function __toString() {
+               self::$x = $this;
+               return __FILE__;
+       }
+}
+$a = new test;
+require_once $a;
+debug_zval_dump(test::$x);
+?>
+--EXPECTF--
+string(%d) "%sbug60825.php" refcount(2)
diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h
index 635127776f0fe2daf12356d4d136053c343429da..34020fb9fc0b14eee47924bf72373e9d9d64421f 100644 (file)
--- a/Zend/zend_vm_def.h
+++ b/Zend/zend_vm_def.h
@@ -3224,14 +3224,15 @@ ZEND_VM_HANDLER(73, ZEND_INCLUDE_OR_EVAL, CONST|TMP|VAR|CV, ANY)
        int return_value_used;
        zend_free_op free_op1;
        zval *inc_filename = GET_OP1_ZVAL_PTR(BP_VAR_R);
-       zval tmp_inc_filename;
+       zval *tmp_inc_filename = NULL;
        zend_bool failure_retval=0;
 
        if (inc_filename->type!=IS_STRING) {
-               tmp_inc_filename = *inc_filename;
-               zval_copy_ctor(&tmp_inc_filename);
-               convert_to_string(&tmp_inc_filename);
-               inc_filename = &tmp_inc_filename;
+               MAKE_STD_ZVAL(tmp_inc_filename);
+               *tmp_inc_filename = *inc_filename;
+               zval_copy_ctor(tmp_inc_filename);
+               convert_to_string(tmp_inc_filename);
+               inc_filename = tmp_inc_filename;
        }
 
        return_value_used = RETURN_VALUE_USED(opline);
@@ -3297,8 +3298,8 @@ ZEND_VM_HANDLER(73, ZEND_INCLUDE_OR_EVAL, CONST|TMP|VAR|CV, ANY)
                        EMPTY_SWITCH_DEFAULT_CASE()
                }
        }
-       if (inc_filename==&tmp_inc_filename) {
-               zval_dtor(&tmp_inc_filename);
+       if (tmp_inc_filename) {
+               zval_ptr_dtor(&tmp_inc_filename);
        }
        FREE_OP1();
        EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr;
diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h
index d2c96a4588c54ad719257e14227249d5989c7da3..2889965e9d44b125e42a2a953e89fbfdb6e229c9 100644 (file)
--- a/Zend/zend_vm_execute.h
+++ b/Zend/zend_vm_execute.h
@@ -1902,14 +1902,15 @@ static int ZEND_FASTCALL  ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER(ZEND_OPCODE_HA
        int return_value_used;
 
        zval *inc_filename = &opline->op1.u.constant;
-       zval tmp_inc_filename;
+       zval *tmp_inc_filename = NULL;
        zend_bool failure_retval=0;
 
        if (inc_filename->type!=IS_STRING) {
-               tmp_inc_filename = *inc_filename;
-               zval_copy_ctor(&tmp_inc_filename);
-               convert_to_string(&tmp_inc_filename);
-               inc_filename = &tmp_inc_filename;
+               MAKE_STD_ZVAL(tmp_inc_filename);
+               *tmp_inc_filename = *inc_filename;
+               zval_copy_ctor(tmp_inc_filename);
+               convert_to_string(tmp_inc_filename);
+               inc_filename = tmp_inc_filename;
        }
 
        return_value_used = RETURN_VALUE_USED(opline);
@@ -1975,8 +1976,8 @@ static int ZEND_FASTCALL  ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER(ZEND_OPCODE_HA
                        EMPTY_SWITCH_DEFAULT_CASE()
                }
        }
-       if (inc_filename==&tmp_inc_filename) {
-               zval_dtor(&tmp_inc_filename);
+       if (tmp_inc_filename) {
+               zval_ptr_dtor(&tmp_inc_filename);
        }
 
        EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr;
@@ -5190,14 +5191,15 @@ static int ZEND_FASTCALL  ZEND_INCLUDE_OR_EVAL_SPEC_TMP_HANDLER(ZEND_OPCODE_HAND
        int return_value_used;
        zend_free_op free_op1;
        zval *inc_filename = _get_zval_ptr_tmp(&opline->op1, EX(Ts), &free_op1 TSRMLS_CC);
-       zval tmp_inc_filename;
+       zval *tmp_inc_filename = NULL;
        zend_bool failure_retval=0;
 
        if (inc_filename->type!=IS_STRING) {
-               tmp_inc_filename = *inc_filename;
-               zval_copy_ctor(&tmp_inc_filename);
-               convert_to_string(&tmp_inc_filename);
-               inc_filename = &tmp_inc_filename;
+               MAKE_STD_ZVAL(tmp_inc_filename);
+               *tmp_inc_filename = *inc_filename;
+               zval_copy_ctor(tmp_inc_filename);
+               convert_to_string(tmp_inc_filename);
+               inc_filename = tmp_inc_filename;
        }
 
        return_value_used = RETURN_VALUE_USED(opline);
@@ -5263,8 +5265,8 @@ static int ZEND_FASTCALL  ZEND_INCLUDE_OR_EVAL_SPEC_TMP_HANDLER(ZEND_OPCODE_HAND
                        EMPTY_SWITCH_DEFAULT_CASE()
                }
        }
-       if (inc_filename==&tmp_inc_filename) {
-               zval_dtor(&tmp_inc_filename);
+       if (tmp_inc_filename) {
+               zval_ptr_dtor(&tmp_inc_filename);
        }
        zval_dtor(free_op1.var);
        EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr;
@@ -8573,14 +8575,15 @@ static int ZEND_FASTCALL  ZEND_INCLUDE_OR_EVAL_SPEC_VAR_HANDLER(ZEND_OPCODE_HAND
        int return_value_used;
        zend_free_op free_op1;
        zval *inc_filename = _get_zval_ptr_var(&opline->op1, EX(Ts), &free_op1 TSRMLS_CC);
-       zval tmp_inc_filename;
+       zval *tmp_inc_filename = NULL;
        zend_bool failure_retval=0;
 
        if (inc_filename->type!=IS_STRING) {
-               tmp_inc_filename = *inc_filename;
-               zval_copy_ctor(&tmp_inc_filename);
-               convert_to_string(&tmp_inc_filename);
-               inc_filename = &tmp_inc_filename;
+               MAKE_STD_ZVAL(tmp_inc_filename);
+               *tmp_inc_filename = *inc_filename;
+               zval_copy_ctor(tmp_inc_filename);
+               convert_to_string(tmp_inc_filename);
+               inc_filename = tmp_inc_filename;
        }
 
        return_value_used = RETURN_VALUE_USED(opline);
@@ -8646,8 +8649,8 @@ static int ZEND_FASTCALL  ZEND_INCLUDE_OR_EVAL_SPEC_VAR_HANDLER(ZEND_OPCODE_HAND
                        EMPTY_SWITCH_DEFAULT_CASE()
                }
        }
-       if (inc_filename==&tmp_inc_filename) {
-               zval_dtor(&tmp_inc_filename);
+       if (tmp_inc_filename) {
+               zval_ptr_dtor(&tmp_inc_filename);
        }
        if (free_op1.var) {zval_ptr_dtor(&free_op1.var);};
        EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr;
@@ -22465,14 +22468,15 @@ static int ZEND_FASTCALL  ZEND_INCLUDE_OR_EVAL_SPEC_CV_HANDLER(ZEND_OPCODE_HANDL
        int return_value_used;
 
        zval *inc_filename = _get_zval_ptr_cv(&opline->op1, EX(Ts), BP_VAR_R TSRMLS_CC);
-       zval tmp_inc_filename;
+       zval *tmp_inc_filename = NULL;
        zend_bool failure_retval=0;
 
        if (inc_filename->type!=IS_STRING) {
-               tmp_inc_filename = *inc_filename;
-               zval_copy_ctor(&tmp_inc_filename);
-               convert_to_string(&tmp_inc_filename);
-               inc_filename = &tmp_inc_filename;
+               MAKE_STD_ZVAL(tmp_inc_filename);
+               *tmp_inc_filename = *inc_filename;
+               zval_copy_ctor(tmp_inc_filename);
+               convert_to_string(tmp_inc_filename);
+               inc_filename = tmp_inc_filename;
        }
 
        return_value_used = RETURN_VALUE_USED(opline);
@@ -22538,8 +22542,8 @@ static int ZEND_FASTCALL  ZEND_INCLUDE_OR_EVAL_SPEC_CV_HANDLER(ZEND_OPCODE_HANDL
                        EMPTY_SWITCH_DEFAULT_CASE()
                }
        }
-       if (inc_filename==&tmp_inc_filename) {
-               zval_dtor(&tmp_inc_filename);
+       if (tmp_inc_filename) {
+               zval_ptr_dtor(&tmp_inc_filename);
        }
 
        EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr;
Unnamed repository; edit this file 'description' to name the repository.